A bug that recently infected Twitter has freed the way for hackers to access and get control of many Twitter accounts like @god, @emoji, and @vagina. In other words, these accounts have been ‘jacked’.
So the story goes like this – a flaw seemed when users on Twitter tried to reset their passwords and the social network, instead of showing the email addresses in the normal asterisked out format, displayed the email addresses in full. Under some circumstances, it has been seen, that with the Twitter handle and the email address behind it, users can actually get access to your Twitter accounts.
The hackers can also re-register email addresses that have expired, reset the password and then take hold of the user’s account. Also, via social engineering, they can dupe people into giving out concealed information and hence hijack the accounts while they are still in use.
For example, ever since the account has been hacked, the Twitter handle of @god has been showing tweets like:
“god damn my cock is hard” and “faggot @4iden”.
And all this rubbish, in place of the macros and memes that @go normally tweets. The account’s owner after it was hacked said that he got hold of the account after “recreating Hotmail”. It also expressed gratitude for “0day”, which is hacker lingo for a security wall that is easily ‘hackable’.
A user called @bluedream says that Twitter had “a massive bug that allowed people too [sic] see emails upon password reset” – although he wasn’t able to get any accounts himself.
The account @Emoji, which supposedly belonged to someone from Japan, has suddenly started following people who have been tweeting about this bug; while @Vagina most recent tweet after being hacked is “I’m a big fat juicy pussy”. Most of these tweets have been retweeted by other users, and by following these accounts one can find that many other accounts like @miracles. @point, @just, etc. have also been hacked.
A common thread that links these accounts is the fact that these are short, interesting, or “cool” handles that are an instant favourite among hackers. And astonishingly, they are also paid by underhand means, so that they can target these accounts. There have been revelatory pieces by journalists recently and news that people have agreed to pay 100 pounds to hack into all such three character accounts.
It’s extremely awe-inducing how simple accounts that have become part of our day to day life, can go out of our control in the matter of a few seconds.